Products Downloads


French version


 

The Java EE security extension is compatible with the Pac4J Kerberos extension module. You need to include it explicitly in your build scripts (pac4j-saml).

runtime group:'org.pac4j',name:'pac4j-kerberos',version:'3.9.0'


The configuration takes the following form:

wagonSecurity:
   callbackUrl: https://host.domain.com/application/callback
 
corsAuthorizer:
   allowedOrigins: "*"
   allowedMethods: GET,POST,HEAD,OPTIONS,PUT,DELETE
   # allowedHeaders: Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization
   # preflightMaxage: 1800
 
clientsProperties:

 kerberos.principal: HTTP/host.domain.com@DOMAIN.COM

  kerberos.keytab: /path/to/tomcat.keytab


In Adelia Cloud, if the Web browser is configured to authorize Kerberos credential delegation, Kerberos credentials may be used to connect to the Adelia middleware in SSO mode.


The default role generator (com.hardis.adelia.jee.security.RoleGenerator) is not compatible with the Kerberos profiles so does not need to be configured.


  • kerberos.principal is the Kerberos principal used for authentication. It should be in HTTP/host.domain.com@DOMAIN.COM form where "host.domain.com" is the server host name and DOMAIN.COM the Kerberos realm.
  • kerberos.keytab indicates the Kerberos keytab file path. This must reference the principal's encryption key. The value may be prefixed by "conf:" to indicate a file in the conf directory or reference a JNDI URL.
  • kerberos.debug generates messages.


NB: the Kerberos client is handled by a "PropertiesConfigFactory" extension. There are no other parameters available apart from those listed above.


Top of page

 


  • Aucune étiquette